System and method for locally sharing subscription of multimedia content

ABSTRACT

This invention relates to a method, devices and system for distributing rights to a digital content and for accessing said digital content. Further, the invention relates to a voucher structure defining rights to said digital content. Still further, the invention relates to a digital content structure adapted for arranging the distribution of rights to the digital content.

FIELD OF INVENTION

This invention relates to a method, devices and system for distributingrights to a digital content and for accessing said digital content.Further, the invention relates to a voucher structure defining rights tosaid digital content. Still further, the invention relates to a digitalcontent structure adapted for arranging the distribution of rights tothe digital content.

BACKGROUND OF INVENTION

U.S. patent application Ser. No. US 2002/0013772 and Internationalpatent applications no. WO00/58811 and no. WO00/59150 (all emanatingfrom U.S. provisional application 60/126,614) disclose ways ofdistributing and binding a digital licence to a user device usingDigital Rights Management (DRM). A DRM system operates on a computingdevice when a user requests a digital piece of content to be rendered bythe computing device. The system has a license store, a licenceevaluator, and a state store, and keeps track of possible contentrendering. The digital content is encrypted according to a content key(KD) on a user device having a public key (PU) and a correspondingprivate key (PR). To render digital content a digital licencecorresponding to the content is obtained, where the digital licenceincludes the content key (KD) therein in an encrypted form. Theencrypted content key (KD) from the digital license is decrypted toproduce the content key (KD), and the public key (PU) of the user deviceis obtained there from. The content key (KD) is then encrypted accordingto the public key (PU) of the user device (PU(KD)), and a sub-license iscomposed corresponding to and based on the obtained license, where thesub-license includes (PU(KD)). The composed sub-license is thentransferred to the user device, wherein the user device can decrypt(PU(KD)) with the private key thereof (PR) to produce the content key(KD), and can render the encrypted content on the user device with theproduced content key (KD).

The disclosed system requires a separate license for each computingdevice ordering a particular digital content, thus effectively limitingthe fast distribution of content throughout a plurality of computingdevices. Hence when a plurality of users request an identical contentevery user must have a separate licence.

International patent application no. WO01/98903 discloses methods andsystems for distributing content via a network using distributedconditional access agents to perform DRM. These include a watermarkingoperation to watermark content distributed to a content consumer.Further, an encryption operation encrypts content using a key associatedwith the content consumer. The content provider generates a set ofsession keys, encrypts the content using the set of session keys, andcommunicates the session keys to a content distributor. The contentdistributor encrypts the set of session keys using a user key so as togenerate a set of encrypted keys, which are subsequently communicated tothe content consumer. The content distributor further communicates theuser key to the content consumer, which upon receipt decrypts andextracts the set of session keys and uses the set of session keys todecrypt the encrypted content. The set of session keys can be atime-varying sequence of session keys. The process can includeauthentication and verification of the user credentials against contentaccess criteria. As described above with reference to US 2002/0013772,WO00/58811 and WO00/59150 these systems and methods are directed to oneuser/one device concept.

The patent applications US 2002/0013772, WO00/58811, WO00/59150, andWO01/98903, which patent applications are incorporated by reference inpresent specification, introduce problems since users want to experiencethe same right with digital media as with conventional media.

SUMMARY OF THE INVENTION

An object of the present invention is to provide a flexible distributionof digital content to content users, still protecting the content fromunauthorised use or copying.

A particular advantage of the present invention is provision of freedomfor the content user to use the content in different devices apart fromthe downloading device. It is further an advantage that a group ofusers, e.g. a family, can use the content as would be the case withconventional media. Further an advantage is that the content providercan deliver digital content in an attractive and useful way withoutrisking unauthorised use or copying.

A particular feature of the present invention relates to the provisionof main vouchers defining the content user's rights to the digitalcontent, wherein the main voucher further comprise child vouchersdefining use in other devices than the downloading device, or by otherusers in the proximity of the user having the main voucher.

The above object, advantage and feature together with numerous otherobjects, advantages and features, which will become evident from belowdetailed description, is obtained according to a first aspect of thepresent invention by a system for providing a first client familycomprising a first parent client and one or more first child clientsconnected in a second communication network access to a first digitalcontent and comprising:

-   -   (a) a right of use voucher associated with said first digital        content and comprising a first content key and one or more first        child vouchers; and    -   (b) a content provider adapted to connect to said first parent        client through a first communication network and adapted to        communicate said right of use voucher to said first parent        client; and wherein        said right of use voucher enables said first parent client to        communicate said one or more first child vouchers to said one or        more first child clients through said second communication        network, which one or more first child vouchers enable said one        or more first child clients to access said first digital content        associated with said right of use voucher.

The term “first” and “second” should in this context entirely beconstrued as term for differentiating between two elements and not beconstrued as a timing consideration.

The right of use voucher according to the first aspect of the presentinvention may be adapted to enable the first parent client to access thefirst digital content from the content provider through the firstcommunication network by applying the first content key. Further firstparent client may comprise an encryption key adapted to encrypt thefirst digital content for the one or more first child clients comprisinga decryption key associated with the encryption key.

The first client family according to the first aspect of the presentinvention may comprise a laptop or desktop computer, a personal digitalassistant, a mobile or cellular phone, a set-top box, television set, avideophone, an accessory thereof, or any combination thereof. That is, awide variety of electrical gadgets may in fact be connected to thecontent server. In fact, an oven, fridge or washing machine may connectto the content server and receive particular data from the contentprovider, for example, enabling the electrical gadget to perform in adifferent or better way. Alternatively, the device connecting to thecontent server may be an electronic device dedicated for the purpose ofsharing digital content around itself, e.g., a digital subscriptionmodule fitted in a private home, an office or a public site. Yetalternatively, the device connecting to the content server may be avirtual arrangement, whereby the device is an non-physical realizationin the virtual reality world, and stores links to the content and thevouchers instead of storing them physically. The accessory may compriseMP3 players, smart headphones, video goggles, newspaper or book readingequipment.

The first communication network according to the first aspect of thepresent invention may comprise a wired or wireless telecommunicationnetwork, a terrestrial, satellite, or cable television network, apower-line network, a computer network, or any combination thereof.Alternatively, the first communication network may partly or wholly berealized by using physical, tangible carriers like floppy disks, CDs,DVDs, memory cards and sticks or any other transportable media. Yetalternatively, the first network may be realized by a download ofcontent and right of use vouchers over a local connection such asshort-range radio or infrared connection. Further, the secondcommunication network may comprise a computer network, a wired orwireless telecommunication network, a power-line network, a televisionnetwork, a proximity terrestrial network such as short range radio orBluetooth, or any combination thereof. The second communication networkis particularly advantageous when implemented as a short range radio orBluetooth solution since the parent client in this way may act as amicro transmitter of digital content for child clients in the vicinity.

The computer network according to the first aspect of the presentinvention may comprise a wired or wireless local area network,metropolitan area network, wide area network, inter-network, or anycombination thereof. The inter-network such as the Internet provides anideal solution for the first communication network since digital contentmay be accessed from any geographical area. Also existing distributionnetworks for renting or selling digital media such as music CDs andvideo DVDS may be used for this purpose

The one or more first child clients according to the first aspect of thepresent invention may comprise a connection to the first communicationnetwork and the content provider may enable the one or more first childclients having a child voucher to access the first digital content fromthe content provider through the first communication network. The systemthus provides a plurality of access points to the content provider sothat the digital content may be easily accessed from a plurality ofclients simultaneously during for example a streaming of the digitalcontent.

Further, the one or more first child vouchers may enable the one or morefirst child clients to access digital content from the first parentclient through the second communication network. This is particularlybeneficiary in situations where the child clients connection to thefirst communication network is disconnected then the parent clientwithout burden to the first communication network provides a stream ofthe digital content to the child clients.

The first digital content according to the first aspect of the presentinvention may comprise graphics, series of graphics, text, series oftexts, picture, series of pictures, video, sequences of videos, audiotrack or series of audio tracks or any combination thereof. In fact, thedigital content may be control data for electrical gadgets, or music,film, or literary compositions.

The right of use voucher according to the first aspect of the presentinvention may further comprise:

-   -   (a) a first identification tag for identifying a specific first        parent client of said first client family owning said right of        use voucher;    -   (b) a second identification tag for identifying content provider        enabling access for said specific first parent client and one or        more first child clients to said first digital content;    -   (c) an authentication key pair operable for authenticating said        one or more child vouchers and comprising a public        authentication key and a private authentication key.

The first identification tag may be utilised during the periodicalauthentication of the parent client before the content provider. Theparent client may authenticate before the content provider by signingthe first and/or second identification tag using the parent client'sprivate key.

The content provider according to the first aspect of the presentinvention may enable the first parent client to authenticate the one ormore first child clients having the one or more first client vouchers bycommunicating a signed child voucher refresher comprising a validityperiod of associated first child voucher and an identification tag ofthe associated first child voucher. The authentication key pair mayadvantageously be utilised by the parent client for authenticating thechild clients. The parent client may encrypt and sign the child voucherrefresher applying the public authentication key and require the childclient to run in a secure mode before the content key may be used foraccessing the first digital content.

It needs to be noted that the parent client needs not necessarily obtaindirect access to the digital content, but may instead act as a holder ofthe parent voucher as well as a child client using one of the childvouchers contained in the parent voucher. In this way, all devices usingthe digital content may be treated equally with respect to the access tothe digital content.

Each of the one or more first child vouchers according to the firstaspect of the present invention may comprise a copy of the first contentkey operable to enable each of the one or more first child clientsaccess to the first digital content. By distributing the delegation ofcontent keys the content provider is freed from recordation of aplurality of clients and instead the content provider only needs torecord and authenticate the client families since the parent mayauthenticate the child clients.

The content provider according to the first aspect of the presentinvention may be adapted to encrypt the right of use voucher by applyinga public encryption key of the first parent client. By encrypting theright of use voucher the voucher may be communicated safely across thefirst communication network.

Further, the content provider may be adapted to enable the first parentclient to download the first digital content to a local memory, to viewthe first digital content at the content provider, to receive a streamof the first digital content from the content provider, or anycombination thereof. The term “download” should in this context beconstrued as a transfer of the entire digital content from the contentprovider to the client, also by using physical memory media, the term“view” should in this context be construed as the content providerexecuting digital content, i.e. utilising editorial platform, andproviding a terminal view of the digital content for the clients fromthe editorial platform, and finally the term “stream” should in thiscontext be construed as the content provider providing a continuousstream of data from the digital content.

The content provider according to the first aspect may further beadapted to enable the one or more first child clients to view the firstdigital content at the content provider or the first parent client, toreceive a stream of the first digital content from the content provideror the first parent client, or any combination thereof. The digitalcontent may thus be provided by the content provider or alternatively oradditionally by the parent client. The latter becomes significantwhenever the access points to the first communication network arelimited, for example, due to costs.

The content provider according to the first aspect of the presentinvention may further be adapted to connect to a second client familycomprising a second parent client and one or more second child clientsconnected through a third communication network and wherein the contentprovider is adapted to enable the one or more second child clientsaccess to a second digital content on the basis of one or more secondchild vouchers associated with the second digital content and with eachof the one or more second child clients. Obviously, the content providermay connect to a plurality of client families and provide a plurality ofdigital contents to any of the client families connected to the firstcommunication network.

The second parent client, the one or more second child clients and theone or more second child vouchers may incorporate any features of thefirst parent client, the one or more first child clients and the one ormore first child vouchers, respectively. Further, the thirdcommunication network may incorporate any features of the secondcommunication network.

The content provider according to the first aspect may be adapted toenable a first child client of the first client family and a secondchild client of the second client family to exchange a first childvoucher associated with the first digital content and with the firstchild client and a second child voucher associated with the seconddigital content and with the second child client. The enabling ofswitching child vouchers between two child clients from different clientfamilies is particularly flexible compared to prior art since while thedigital content cannot be copied the digital content may flow between aplurality of authenticated and validated clients.

The exchange of the one or more first and second child vouchers betweenthe one or more first and second child clients may be accomplished bythe content provider enabling the first and second parent or one or morechild clients to verify the compatibility between the one or more firstand second child vouchers; the first and second parent to deactivateexchanged child vouchers by setting stale flags in associated right ofuse vouchers; a first child client of the one or more first childclients having a second child voucher of the one or more second childvouchers access to the second digital content by means of the secondchild voucher provided that the first parent client and the secondparent client are able to authenticate the validity of the second childvoucher; and

enabling a second child client of the one or more second child clientshaving a first child voucher of the one or more first child vouchersaccess to the first digital content by means of the first child voucherprovided that the first parent client and the second parent client areable to authenticate the validity of the first child voucher.

The above objects, advantages and features together with numerous otherobjects, advantages and features, which will become evident from belowdetailed description, are obtained according to a second aspect of thepresent invention by a right of use voucher for enabling a client familyaccess to digital content associated with said right of use voucher andcomprising:

-   -   (a) a first identification tag for identifying a parent client        of said client family owning said right of use voucher;    -   (b) a second identification tag for identifying content provider        enabling access for said parent client and one or more child        clients of said client family to said digital content;    -   (c) one or more child vouchers comprising a content key operable        to enable said one or more child clients access to said digital        content; and    -   (d) an authentication key pair operable for authenticating said        one or more child vouchers and comprising a public        authentication key and a private authentication key.

The right of use voucher according to the second aspect of the presentinvention may incorporate any features of the system according to thefirst aspect of the present invention.

The above objects, advantages and features together with numerous otherobjects, advantages and features, which will become evident from belowdetailed description, are obtained according to a third aspect of thepresent invention by a method for providing access to digital contentcomprising:

-   -   (a) connecting to a first parent client by means of a content        provider utilising a communication network;    -   (b) communicating a first right of use voucher comprising one or        more first child vouchers by means of said content provider to        said first parent client;    -   (c) enabling said first parent client to forward said one or        more first child vouchers to one or more first child clients        through a second communication network; and    -   (d) enabling said one or more first child clients to access said        first digital content by means of said one or more first child        vouchers provided that the validity of said one or more first        child vouchers is authenticated.

The validity of the one or more first child vouchers according to thethird aspect of the present invention may be authenticated by the firstparent client.

The method according to the third aspect of the present invention mayfurther comprise (e) enabling the first parent client to access a firstdigital content provided by the content provider by means of the firstright of use voucher. Further, the method may further comprise (f)encrypting the first digital content in accordance with an encryptionkey by means of the first parent client for the one or more first childclients comprising a decryption key associated with the encryption key.

The one or more first child clients according to the third aspect of thepresent invention may be enabled to access the first digital content atthe content provider. Alternatively, the one or more first child clientsmay be enabled to access the first digital content at the first parentclient. By this approach a highly increased flexibility is given,although unauthorised copying and use of the digital content isprevented.

Enabling the one or more first child clients to access the first digitalcontent according to the third aspect of the present invention maycomprise downloading the first digital content, viewing the firstdigital content, streaming the first digital content, or any combinationthereof. The preferred access method depends highly on the type ofdigital content, and on the kind of client apparatus. Thus the presentinvention provides a beneficiary possibility to enhance the knowntechnology within the state of the art.

The method according to the third aspect of the present invention mayfurther comprise (g) receiving by means of the content provider a reportfrom the first parent client, which report comprises information onnumber child vouchers generated by means of a child voucher generatingmeans associated with the right of use voucher. This makes it possiblefor the content provider to track redistribution of the digital content,and the received information may be used for a multitude of things, suchas statistics, marketing, pricing or for other service developmentpurposes.

The method according to the third aspect of the present invention mayfurther comprise:

-   -   (h) enabling the first parent clients to encrypt the one or more        first child vouchers with a public encryption key associated        with the one or more first child clients before communicating        the one or more first child vouchers to the one or more first        child clients;    -   (i) enabling the one or more first child clients to decrypt the        one or more first child vouchers with a private encryption key        associated with the one or more first child clients to reveal a        content key to enable access to the first digital content.

In the method according to the third aspect of the present invention (h)and (i) may be performed in a secure mode.

The use of encryption and decryption in a secure mode to distribute adigital content encryption key for enabling access to the digitalcontent, effectively prevents unauthorised use of the digital content.On the other hand, the method according to the third aspect of thepresent invention may enable authorised use in a user-friendly manner.

The method according to the third aspect of the present invention mayfurther comprise enabling the first parent client to authenticate theone or more first child clients by communicating a signed child voucherrefresher including a new validity period for the one or more firstchild vouchers and an identification tag of the one or more first childvouchers. The authentication will thus provided a feasible solution forthe child client to achieve a right to access limited in time, and toget an update on said right to access. On the other hand, the parentclient and the content provider may control the child clients' right toaccess in a functional manner.

The method according to the third aspect of the present invention mayfurther comprise:

-   -   (j) connecting to a second parent client by means of the content        provider utilising the communication network;    -   (k) communicating a second right of use voucher including one or        more second child vouchers by means of the content provider to        the second parent client;    -   (l) enabling the second parent client to access a second digital        content provided by the content provider by means of the second        right of use voucher;    -   (m) enabling the second parent client to forward the one or more        second child vouchers to one or more second child clients        through a third communication network; and    -   (n) enabling the one or more second child clients to access the        second digital content by means of the one or more second child        vouchers provided that the validity of the one or more second        child vouchers is authenticated by the second parent client; and    -   (o) enabling the one or more first child clients and the one or        more second child clients to exchange the one or more first        child vouchers and the one or more second child vouchers.

This provides a solution for more flexible use of digital content acrossa plurality of devices, while the use cannot be freely copied. Theexchange of rights to access digital content between devices willfacilitate a user-friendly environment in any situation for consumingthe digital content.

Enabling exchange of the one or more first and second child vouchersbetween the one or more first and second child clients according to thethird aspect of the present invention may further comprise:

-   -   (i) verifying compatibility between one or more first and second        child vouchers;    -   (ii) deactivating to-be-exchanged child vouchers by setting        stale flags in associated right of use vouchers in the first and        second parent client;    -   (iii) enabling a first child client of the one or more first        child clients having a second child voucher of the one or more        second child vouchers access to the second digital content by        means of the second child voucher provided that the first parent        client and the second parent client are able to authenticate the        validity of the second child voucher; and    -   (iv) enabling a second child client of the one or more second        child clients having a first child voucher of the one or more        first child vouchers access to the first digital content by        means of the first child voucher provided that the first parent        client and the second parent client are able to authenticate the        validity of the first child voucher.

The use of a protocol to exchange child vouchers may enable devices ofdifferent types to safely exchange and ease handling of vouchers.

The method according to the third aspect of the present invention mayfurther comprise:

-   -   (p) enabling access by a basic voucher to a low-resolution        stream comprising one or more basic data sets;    -   (q) enabling access by a first enhanced voucher to a first        enhancement stream comprising one or more first data sets, which        first data sets are based on the basic data sets.

The method according to the third aspect of the present invention mayfurther comprise (r) enabling access by a second enhanced voucher to asecond enhancement stream comprising one or more second data sets, whichsecond data sets are based on the first data sets.

Providing digital content in this multi-resolution manner furtherimproves the feasibility to provide pre-views, low-resolution contentadapted to certain types of clients, extracts from the digital contentsor the like by a first voucher, and to provide higher resolution contentto other vouchers.

The method according to the third aspect of the present invention mayincorporate any features of the right of use voucher according to thesecond aspect of the present invention and the system according to thefirst aspect of the present invention.

The above objects, advantages and features together with numerous otherobjects, advantages and features, which will become evident from belowdetailed description, are obtained according to a fourth aspect of thepresent invention by a content provider server for providing a right ofuse voucher enabling a client family access to digital contentassociated with said right of use voucher comprising:

-   -   (a) means for generating a first identification tag for        identifying a parent client of said client family owning said        right of use voucher;    -   (b) means for generating a second identification tag for        identifying content provider enabling access for said parent        client and one more child clients of said client family to said        digital content;    -   (c) means for generating one or more child vouchers comprising a        content key operable to enable said one or more child clients        access to said digital content; and    -   (d) means for generating an authentication key pair operable for        authenticating said one or more child vouchers and comprising a        public authentication key and a private authentication key.

The content provider server according to the fourth aspect of thepresent invention may incorporate any features of the right of usevoucher according to the second aspect of the present invention, thesystem according to the first aspect of the present invention, and themethod according to the third aspect of the present invention.

The above objects, advantages and features together with numerous otherobjects, advantages and features, which will become evident from belowdetailed description, are obtained according to a fifth aspect of thepresent invention by a communication terminal for receiving a right ofuse voucher enabling access for said communication terminal and one ormore designated child terminals to a digital content associated withsaid right of use voucher according to claim 20, and comprising:

-   -   (a) means for identifying said first and second identification        tag of said right of use voucher;    -   (b) means for distributing one or more child vouchers comprising        a content key operable to enable said one or more designated        child terminals access to said digital content; and    -   (c) means for processing an authentication key pair operable for        authenticating said one or more child vouchers and comprising a        public authentication key and a private authentication key.

The above objects, advantages and features together with numerous otherobjects, advantages and features, which will become evident from belowdetailed description, are obtained according to a sixth aspect of thepresent invention by a communication terminal for receiving a childvoucher enabling access a digital content associated with a right of usevoucher according to claim 20, and comprising:

-   -   (a) means for revealing a content key from said child voucher        operable to enable said client access to a digital content;    -   (b) means for accessing said digital content through a        communication network.

A communication terminal according to the fifth and sixth aspect of thepresent invention should in this context be construed as a mobile orcellular phone, a wired phone, a laptop or desktop computer, a personaldigital assistant, a set-top box, television set, a videophone, or anycombination thereof.

The communication terminal according to sixth aspect of the presentinvention may be adapted to access said digital content from a contentprovider, from said parent client, or any combination thereof.

A communication terminal according to the fifth and sixth aspect of thepresent invention may incorporate any features from one another and/orfrom the right of use voucher according to the second aspect of thepresent invention, the system according to the first aspect of thepresent invention, the method according to the third aspect of thepresent invention, and the content provider server according to thefourth aspect of the present invention.

The above objects, advantages and features together with numerous otherobjects, advantages and features, which will become evident from belowdetailed description, are obtained according to a seventh aspect of thepresent invention by a computer program comprising code adapted toperform the following steps when said program is run on a processor:

-   -   (a) connecting to a first parent client by means of a content        provider utilising a communication network;    -   (b) communicating a first right of use voucher comprising one or        more first child vouchers by means of said content provider to        said first parent client;    -   (c) enabling said first parent client to forward said one or        more first child vouchers to one or more first child clients        through a second communication network; and    -   (d) enabling said one or more first child clients to access said        first digital content by means of said one or more first child        vouchers provided that the validity of said one or more first        child vouchers is authenticated.

The processor according to the seventh aspect of the present inventionmay comprise a content provider, a parent client, a child client, or anycombination thereof.

A computer program according to the seventh aspect of the presentinvention may incorporate any features of the right of use voucheraccording to the second aspect of the present invention, the systemaccording to the first aspect of the present invention, the methodaccording to the third aspect of the present invention, the contentprovider server according to the fourth aspect of the present invention,and the communication terminal according to the fifth and sixth aspectof the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The above, as well as additional objects, features and advantages of thepresent invention, will be better understood through the followingillustrative and non-limiting detailed description of preferredembodiments of the present invention, with reference to the appendeddrawings, wherein:

FIG. 1, shows an overall view of a system according to a firstembodiment of the present invention;

FIG. 2, shows a right of use voucher utilised in the system according tothe first embodiment of the present invention;

FIG. 3, shows an overall view of the communication performed in thesystem according to the first embodiment of the present invention;

FIG. 4, shows a system according to a further embodiment of the presentinvention; and

FIG. 5, shows an example of utilisation of the first embodiment of thepresent invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

In the following description of the various embodiments, reference ismade to the accompanying drawings which form a part hereof, and in whichis shown by way of illustration various embodiments in which theinvention may be practiced. It is to be understood that otherembodiments may be utilized and structural and functional modificationsmay be made without departing from the scope of the present invention.

FIG. 1 shows a system for providing access to digital content andaccording to a first embodiment of the present invention, which systemis designated in its entirety by reference numeral 100. The system 100comprises a content provider 102, such as an Internet server or a proxyserver, providing digital content to a plurality of clients designatedin entirety by reference numeral 104. The plurality of clients 104 maycomprise a mobile terminal, such as a mobile or cellular telephone andaccessories thereto; a personal digital assistant; a laptop or desktopcomputer and accessories thereto e.g. computer or telecommunicationnetwork access points; or any combination thereof. Further, theplurality of clients 104 may comprise low end mobile terminals;accessories of low end mobile terminals; multimedia extensions tocomputers such as MP3 players, smart headphones or video goggles;newspaper or book reading devices, or any combination thereof.

Digital content is in this context to be construed as digitised filescontaining newspapers, magazines, books, music, and films, broadcastprograms i.e. vocal, video or both, or parts thereof.

The content provider 102 is connected to a first parent client 106 ofthe plurality of clients 104 through a first communications network 108such as a computer network, a wired or wireless telecommunicationnetwork, a power network, a television network, or any combinationthereof. Also physical carriers like CDs, DVDs, or any other memorymeans may be used. The content provider 102 utilises the communicationnetwork 108 to communicate control signals to the parent client 106,which control signals are shown as arrows 110 in FIG. 1. Further, thecontent provider 102 utilises the communication network 108 tocommunicate digital content signals to the plurality of clients 104,which digital content signals are shown as arrows 112 in FIG. 1.

The control signals 110 comprise a first right of use voucher 114 fordigital content administrated by the content provider 102. The right ofuse voucher will be further described with reference to FIG. 2.

The first right of use voucher 114 comprises one or more first childvouchers 114′, of which one is forwarded by the parent client 106 to achild client 116. The parent client 106 connects to the child client 116through a second communication network 118 and forwards the first childvoucher 114′ as control signals, shown in FIG. 1 as arrows 120.

The first right of use voucher 114 enables the parent client 106 toaccess associated digital content, such as a first digital content 122,provided by the content provider 102. Access should in this context beconstrued as enabling reading capabilities to the plurality of clients104. Accessing of the first digital content 122 may entail transferringor downloading of the first digital content 122 to the parent client106, viewing the first digital content 122 at the content provider 102,streaming the first digital content 122 from the content provider 102 tothe parent client 106, or any combination thereof.

The first child voucher 114′ enables the first child client 116 toaccess the first digital content 122 provided that the first parentclient 106 is able to authenticate the validity of the first childvoucher 114′ during its use. The first child client 116 may access thefirst digital content 122 directly at the content provider 102 throughthe first communication network 108 as the digital content signal 112and/or at the first parent client 106 as a digital content signal, shownin FIG. 1 as arrows 124. Hence the first child voucher 114′ enables thefirst child client 116 to transfer or download the first digital content122 to the first child client 116, view the first digital content 122 atthe content provider 102, stream the first digital content 122 from thecontent provider 102 or from the first parent client 106, or anycombination thereof.

Alternatively, only part of the first digital content is encryptedduring streaming, e.g., the most important intra frames of a videosequence or amplification information of a musical piece. This way, thefirst digital content 122 may be streamed or played back from anysource, i.e. the content provider 102 or the first parent client 106, atthe first child client 116, while only streaming the encrypted piecesfrom the first parent client 106.

The second communication network 118 comprises a computer network, awired or wireless telecommunication network, a power-line network, atelevision network, a proximity terrestrial network such as short rangeradio or Bluetooth, or any combination thereof.

For example, the an electronic newspaper subscription may include aproximity group voucher, i.e. a right of use voucher comprising one ormore child vouchers, enabling sharing of digital content between aplurality of devices close to one another. The main subscriber (parentclient) is responsible for sharing the child vouchers to the devicesnearby e.g. within Bluetooth range or a wireless local area network(WLAN). After forwarding the child vouchers to the devices the mainsubscriber must authenticate the child vouchers using the proximitygroup voucher. While the child vouchers are valid the digital contentmay be accessed freely. Hence a newspaper or an e-book purchased by afirst family member device is accessible by a second family device inthe vicinity of the first family member device provided the secondfamily device comprises a child voucher.

The term proximity should in this context be construed as a physicalreality i.e. devices are physically close to one another or as a virtualreality i.e. the devices are virtually close to one another such asbeing established in a virtual reality arrangement. Also other measuresof proximity such as those defined by a presence application, wherepeople can define their desired relations digitally.

The streaming of digital content to a proximity group, i.e. a parent andone or more child clients, is particularly advantageous since a groupvoucher enables a plurality of clients to plug into a streaming serveror a proxy of the streaming server to access the digital content. Shortrange multicast established by a multicast server is especially suitablefor this purpose, since in this case all the clients (parent andchildren) are physically in the vicinity of the multicast server andtherefore easily authenticated e.g. by the multicasting server acting asa content proxy for the content provider and as a voucher proxy for theowner of the rights of use voucher (parent). Hence, for example, a groupof friends each having a client device may share a movie or a musicvideo and watch it together on their own client devices.

When the first digital content 122 is protected by a digital rightsmanagement solution 126 in the system 100, the first digital content 122may be forwarded to the first child client 116 directly as a file in aformat prohibiting the first child client 116 to open the file without avalid first child voucher 114′ restricted to a specific period andchecked by the first parent client 106. Thus, since the first childvoucher 114′ is checked by the first parent client 106, the first parentclient 106 does not necessarily need a continuous connection to thefirst communication network 108, which obviously provides a solutionbeneficiary to reducing communication costs.

Alternatively, the first digital content 122 is stored on memory 107associated with the first parent client 106 and the first child client116 streams the first digital content 122 from the first parent client106 and utilises the first child voucher 114′ for authenticating thestreaming. Hence, for example, enabling sharing digitally protectedmusic among friends.

In a further embodiment of the present invention the parent client 100desires to share the first digital content 122 over the secondcommunication network 118, e.g. a short range connection, randomly. Thefirst parent client 106 has purchased a rights of use voucher comprisingone or more child vouchers from the content provider 102 and offers theone or more child vouchers to one or more child clients 128 connectedthrough connections 130 and 132 to the first and second communicationnetwork 108 and 118. Each of the one or more child clients 128 mayutilise one of the provided child vouchers to stream the first digitalcontent 122 purchased by the first parent client 106 directly from thecontent provider 102. Thus the first parent client 106 and the secondcommunication network 118 is not unduly burdened by stream traffic. Thisparticular embodiment of the present invention is advantageous as amicro radio station, for example, in buses, trains or other means oftransportation, hotels, conference venues, airports etc.

As will be further described with reference to FIG. 2 the first right ofuse voucher 114 does not necessarily comprise a content key enabling theparent client 106 to access associated digital content 122 as a parent,but each of the first child voucher 114′ may comprise a content keyenabling the first child client 116 and/or the one or more child clients128 to access the associated digital content 122. This is especiallysuitable in an implementation of a system where all the clients, alsothe parent client, act as child clients.

Alternatively, the first right of use voucher 114 comprises a contentkey enabling the parent client 106 to access associated digital content122 provided by the content provider 102. In addition, the first parentclient 106 may utilise a private encryption key for re-encrypting thedigital content 122 so as to enable the first child client 116 and/orthe one or more child clients 128 to decrypt the digital content 122using a public encryption key.

FIG. 1, further shows second parent client 134 of the plurality ofclients 104 connecting to the content provider 102 for accessing secondpiece of digital content 136. The content provider 102 forwards a secondrights of use voucher 138 associated with the second piece of digitalcontent 136 shown as the arrows 110, which second rights of use voucher138 comprises one or more second child vouchers 138′. The one or moresecond child vouchers 138′ is forwarded by the second parent client 134to connecting one or more second child clients designated in entirety byreference numeral 140 through a third communication network 142 such asdescribed with reference to the second communication network. Thiscommunication is shown as arrows 143.

It should be understood that the term first and second in this contextis entirely used for differentiating between one or more parent clients,child clients and vouchers.

When the second parent client 134 distributes the one or more secondchild vouchers 138′ that are verified against the second rights of usevoucher 138, and the first parent client 106 distributes the one or morefirst child vouchers 114′ that are verified against the first right ofuse voucher 114, then the verification sources (the first and secondparent client 106 and 134) may be exchanged so that the first parentclient 106 then comprises one or more second child vouchers 138′verifiable against the first rights of use 114 and the second parentclient 134 then comprises the first child voucher 114′ verifiableagainst the second rights of use 138. This provides a solution for moreflexible use of digital content across a plurality of devices, while theuse cannot be freely copied.

In the presently preferred embodiment of the system 100 the first andsecond parent clients 106 and 134 are mobile or fixed terminals orcomputers having computer or telecommunication network access points soas to communicate with the content provider 102, the child clients 116,128 and 140 are mobile terminals or mobile terminal accessories such asMP3 players, smart headphones or video goggles; newspaper or bookreading devices, and the second and third communication networks 118 and142 are physical proximity networks.

The first parent client 106 further is capable of receiving a thirdright of use voucher 144 through a fourth communication network 146through communication channels symbolized by arrows 148. The firstparent client 106 forwards a child voucher 144′ to the first childclient 116 using the second communication network 118. The first childclient 116 accesses a third digital content 150 from the contentprovider 102 by using the first communication network 108. The term“network” should in this context be construed as distributinginformation, and may comprise a physical carrier, such as a floppy disk,compact disc, digital versatile disk, memory card and stick or any othertransportable memory media. For example, the first parent client 106purchases music on a physical carrier (the fourth communication network146). Along with the music comes child vouchers allowing child clientsto listen to, for example, one song. The first parent client 106 sends achild voucher to one of his friends, having a child client i.e. thefirst child client 116, e.g. by using Bluetooth. In case, the firstchild client 116 wishes to listen to the song, when the first parentclient 106 is not available, the first child client 116 accesses a webpage hosted by the content provider 102 through the first communicationnetwork 108. The content provider 102 may in this case be a recordcompany streaming the requested song to the first child client 116.

FIG. 2, shows a right of use voucher designated in its entirety byreference numeral 200. The voucher 200 is a two part digital documenthaving a parent part 202 and a child part 204. The child part 204comprises a child voucher description 206 and one or more child vouchers208. The parent part 202 comprises and authentication key pair 210 usedfor authenticating the one or more child vouchers 208. Each of the childvouchers 208 comprise a content key 212, which may be used for accessingdigital content at a content provider provided the child voucher 208 isvalid.

The parent part 202 further comprises a first identification element 214for identifying the client associated with the rights of use voucher200, a second identification element 216 for identifying the contentprovider associated with the rights of use voucher 200, and a voucherright description 218.

The content provider ties the rights of use voucher 200 to a specificparent client using the rights of use voucher 200 and said parent clientties each of the one or more child vouchers 208 to each of the childclients using the one or more child vouchers 208.

When a parent client purchases a right of use voucher 200 from a contentprovider, the content provider records the purchase and ties the parentclient to the right of use voucher 200. The authentication key pair 210and the content key 212 are encrypted by the content provider applying apublic encryption key associated with and forwarded to the parentclient. A private encryption key associated with the public key of theparent client is stored encrypted locally on memory associated with theparent client, only enabling the parent client to decrypt theauthentication key pair 210 and the content key 212, when the parentclient is operating in a protected mode.

The authentication key pair 210 comprises a public authentication keyand a private authentication key. Since the parent client operates in aprotected mode undesired revelation of the private encryption key hasbecome very difficult. The private authentication key is used forsigning the child vouchers 208, which signature further comprises theidentification of the child client.

The right of use voucher 200 may comprise a plurality of child vouchersas shown in FIG. 2 or may in fact comprise the possibility of generatingan unlimited number of child vouchers by using a voucher generator. Thevoucher generator comprises a secure application program provided by thecontent provider. The generation of child vouchers is recorded andreported back to the content provider e.g. as part of a normalauthentication procedure.

FIG. 3, shows an overall view of the communication system designated inits entirety by reference numeral 300, which system 300 is establishedbetween a parent client 302 and an associated child client 304. Theparent client 302 comprises a right of use voucher 306 (as described inFIG. 2 as reference numeral 200) in a secure mode 308. Before enablingthe child client 304 to access digital content, the child client 304forwards a public encryption key 310 associated with the child client304 enabling the parent client 302 to encrypt a child voucher 312. Thechild client comprises, as described above with reference to FIG. 2, acontent key 314.

The parent client 302 encrypts the child voucher 312 with the publicencryption key 310 before communicating the child voucher 312 to thechild client 304. The child client 304 decrypts the child voucher 312using a private encryption key 316 associated only with the child client304 and stored on memory associated with the child client 304. Bydecrypting the child voucher 312 the content key 314 is revealed and thechild client 304 may access the digital content either directly at thecontent provider or at the parent client 302.

During the entire process of accessing digital content the parent client302 regularly authenticates the child client 304 by communicating asigned child voucher refresher 318 comprising at least a new validityperiod of the child voucher 314 and an identification tag 313 of thechild voucher 312. Prior to communicating the signed child voucherrefresher 318 the parent client 302 encrypts the signed child voucherrefresher 318 using the public encryption key 310.

When child vouchers, such as for example the child voucher 312, areexchanged between child clients associated to one or more parent clientsa protocol is required so as to avoid unauthorised copying or accessingof the digital content. The protocol comprises encryption of the childvouchers to be exchanged between child clients. For example if a firstand second child client wishes to exchange a first and second childvoucher, respectively, the first child client utilises a publicencryption key of the second child client for encrypting the first childvoucher to be communicated to the second child client and the secondclient utilises a public encryption key of the first child client forencrypting the second child voucher to be communicated to the firstchild client. Thus, the coding of both child vouchers are changed inassociated child client so that the child voucher are encrypted inaccordance with the receiving child client's public encryption key.

The protocol further comprises establishing a child voucher dependencyon the parent vouchers i.e. in the original parent client and in thereceiving parent client. That is, the first child voucher requirespreliminary authentication from the first child client's parent and thesecond child client's parent in order to utilise the second childvoucher, and the second child client, similarly, requires preliminary anauthentication from the first child client's parent and the second childclient's parent in order to utilise the first child voucher. Followingthe authentication of the first and second child vouchers therequirement for the originating parent clients to authenticatetransferred child vouchers is removed.

The protocol further comprises verification of compatibility between thechild vouchers, setting of stale flags for the to-be-exchanged childvouchers in the right of use voucher in the parent client, anddeactivating the child vouchers. That is, the first child client'saccess to the digital content associated with the first child voucher isdisabled for the first child client and, similarly, the second childclient's access to the digital content associated with the second childvoucher is disabled for the second child client. The associated parentclients are notified and a flag for the child clients is set in theright of use voucher.

The protocol further comprises deleting of the child vouchers from theinitial child clients. That is, the first child client having a localmemory deletes from the memory the first child voucher and the secondchild client having a local memory deletes from the memory the secondchild voucher.

The protocol further comprises receiving and decrypting of the childvouchers utilising associated private encryption keys of the receivingchild clients followed by confirmation of successful exchange. Theconfirmation may comprise forwarding a non-essential part of the childvoucher to the sending child client e.g. a part of the child voucherdescription (reference numeral 204 in FIG. 2) or an identification tag(reference numeral in FIG. 3), which is signed with the confirming childclient's private encryption key. In addition, upon receiving andverification of the signed non-essential part of the child voucher, theparent clients authenticate the child vouchers thereby activating thechild vouchers. That is, the first child client receives and decryptsthe second child voucher and confirms the receipt by utilising the firstchild client private encryption key to sign a non essential part of thesecond child voucher and forwards this information to the second childclient. Following the reception and verification of information andsignature the first parent client authenticates the first child client'ssecond child voucher.

In addition, the protocol further comprises enabling chained exchange ofchild vouchers, while prohibiting copying, by introducing a chain offirst identification elements of the parent clients (such as the firstidentification element 214 shown in FIG. 2) into child voucher therebyenabling the content provider or the parent client to track the childvoucher.

FIG. 4, shows a further embodiment of the present invention in which asystem designated in entirety by reference numeral 400. The system 400enables encryption of digital content in a multi-resolution manner,wherein a plurality of decryption keys enable the use of differentlevels of the digital content.

The system 400 comprises a low resolution stream 402 comprising one ormore basic data sets 404 to be streamed, a first enhancement stream 406comprising one or more first data sets 408, which are based on the oneor more basic data sets 404, and a second enhancement stream 410comprising one or more second data sets 412, which are based on the oneor more first data sets 408.

The client may access the one of the streams 402, 406 and/or 410 inaccordance with the client's voucher. A basic voucher 414 enables theclient to access the low resolution stream 402, a first enhanced voucher416 enables the client to access the first enhanced stream 406, and thesecond enhanced voucher 418 enables the client to access the secondenhance stream 410.

The system 400 thus enables an owner of a right of use voucher to allowfull use of the digital content associated with the right of use voucherto some child clients while allowing reduced use of the digital contentto other child clients. The reduced use may result in a reducedresolution or quality of the digital content being accessed.

FIG. 5 shows a system designated in its entirety by reference numeral500, which system comprises a communication terminal 502, such as acellular phone, communicating with a content provider server 504 througha wireless communication system. The communication terminal 502purchases a right of use voucher from the content provider server 504and forwards a child voucher contained in the right of use voucher to adisplay 508, such as a TV set, through a Bluetooth link 510. The display508 may now access digital content associated with the right of usevoucher from the communication terminal 502 or from the content providerserver 504 through a communication network 512 such as the Internet. Thecommunication between the display 508 and the content provider server isillustrated in FIG. 5 as arrows 514.

1. System for providing a first client family comprising a first parentclient and one or more first child clients connected in a secondcommunication network access to a first digital content and comprising:(a) a right of use voucher associated with said first digital contentand comprising a first content key and one or more first child vouchers;and (b) a content provider adapted to connect to said first parentclient through a first communication network and adapted to communicatesaid right of use voucher to said first parent client; and wherein saidright of use voucher enables said first parent client to communicatesaid one or more first child vouchers to said one or more first childclients through said second communication network, which one or morefirst child vouchers enable said one or more first child clients toaccess said first digital content associated with said right of usevoucher.
 2. System according to claim 1, wherein said right of usevoucher is adapted to enable said first parent client to access saidfirst digital content from said content provider through said firstcommunication network by applying said first content key.
 3. Systemaccording to claim 1, wherein said first parent client comprising anencryption key adapted to encrypt said first digital content for saidone or more first child clients comprising a decryption key associatedwith said encryption key.
 4. System according to claim 1, wherein saidfirst client family comprises a laptop or desktop computer, a personaldigital assistant, a mobile or cellular phone, a set-top box, televisionset, a videophone, or any combination thereof.
 5. System according toclaim 1, wherein said second communication network comprises a computernetwork, a wired or wireless telecommunication network, a power-linenetwork, a television network, a proximity terrestrial network such asshort range radio or Bluetooth, or any combination thereof.
 6. Systemaccording to claim 1, wherein said first communication network comprisesa wired or wireless telecommunication network, a terrestrial, satellite,or cable television network, a power-line network, a computer network,or any combination thereof.
 7. System according to claim 1, wherein saidfirst communication network comprises a physical, tangible carriercomprising a floppy disk, a compact disc, a digital versatile disc, amemory card, a memory stick, or any combination thereof.
 8. Systemaccording to any of claim 5, wherein said computer network comprises awired or wireless local area network, metropolitan area network, widearea network, inter-network, or any combination thereof.
 9. Systemaccording to claim 1, wherein said one or more first child clientscomprise a connection to said first communication network and whereinsaid content provider enables said one or more first child clientshaving a child voucher through said first communication network toaccess said first digital content from said content provider.
 10. Systemaccording to claim 1, wherein said one or more first child vouchersenable said one or more first child clients to access digital contentfrom said first parent client through said second communication network.11. System according to claim 1, wherein said first digital contentcomprises graphics, series of graphics, text, series of texts, picture,series of pictures, video, sequences of videos, audio track or series ofaudio tracks or any combination thereof.
 12. System according to claim1, wherein said right of use voucher further comprises: (a) a firstidentification tag for identifying a specific first parent client ofsaid first client family owning said right of use voucher; (b) a secondidentification tag for identifying content provider enabling access forsaid specific first parent client and one or more first child clients tosaid first digital content; (c) an authentication key pair operable forauthenticating said one or more first child vouchers and comprising apublic authentication key and a private authentication key.
 13. Systemaccording to claim 1, wherein each of said one or more first childvouchers comprises a copy of said first content key operable to enableeach of said one or more first child clients access to said firstdigital content.
 14. System according to claim 1, wherein said contentprovider is adapted to encrypt said right of use voucher by applying apublic encryption key of said first parent client.
 15. System accordingto claim 1, wherein said content provider enables said first parentclient to authenticate said one or more first child clients having saidone or more first client vouchers by communicating a signed childvoucher refresher comprising a validity period of associated first childvoucher and an identification tag of said associated first childvoucher.
 16. System according to claim 1, wherein said content provideris adapted to enable said first parent client to transfer said firstdigital content to reside in a local memory, to view said first digitalcontent at said content provider, to receive a stream of said firstdigital content from said content provider, or any combination thereof.17. System according to claim 1, wherein said content provider isadapted to enable said one or more first child clients to view saidfirst digital content at said content provider or said first parentclient, to receive a stream of said first digital content from saidcontent provider or said first parent client, or any combinationthereof.
 18. System according to claim 1, wherein said content provideris adapted to connect to a second client family comprising a secondparent client and one or more second child clients connected through athird communication network and wherein said content provider is adaptedto enable said one or more second child clients access to a seconddigital content on the basis of one or more second child vouchersassociated with said second digital content and with each of said one ormore second child clients.
 19. System according to claim 18, whereinsaid content provider is adapted to enable a first child client of saidfirst client family and a second child client of said second clientfamily to exchange a first child voucher associated with said firstdigital content and with said first child client and a second childvoucher associated with said second digital content and with said secondchild client.
 20. A right of use voucher for enabling a client familyaccess to digital content associated with said right of use voucher andcomprising: (a) a first identification tag for identifying a parentclient of said client family owning said right of use voucher; (b) asecond identification tag for identifying content provider enablingaccess for said parent client and one or more child clients of saidclient family to said digital content; (c) one or more child voucherscomprising a content key operable to enable said one or more childclients access to said digital content; and (d) an authentication keypair operable for authenticating said one or more child vouchers andcomprising a public authentication key and a private authentication key.21. A right of use voucher according to claim 20, wherein said right ofuse voucher is adapted for storage on a carrier such as a floppy disk, acompact disc, a digital versatile disc, a memory card, a memory stick,or any combination thereof, and/or adapted to be forwarded on acommunication network such as a wired or wireless telecommunicationnetwork, a terrestrial, satellite, or cable television network, apower-line network, a computer network, or any combination thereof. 22.Method for providing access to digital content comprising: (a)connecting to a first parent client by means of a content providerutilising a communication network; (b) communicating a first right ofuse voucher comprising one or more first child vouchers by means of saidcontent provider to said first parent client; (c) enabling said firstparent client to forward said one or more first child vouchers to one ormore first child clients through a second communication network; and (d)enabling said one or more first child clients to access said firstdigital content by means of said one or more first child vouchersprovided that the validity of said one or more first child vouchers isauthenticated.
 23. Method according to claim 22 further comprising (e)enabling said first parent client to access a first digital contentprovided by said content provider by means of said first right of usevoucher.
 24. Method according to claim 22 further comprising (f)encrypting said first digital content in accordance with an encryptionkey by means of said first parent client for said one or more firstchild clients comprising a decryption key associated with saidencryption key.
 25. Method according to claim 22 further comprising (g)receiving by means of said content provider a report from said firstparent client, which report comprises information on number childvouchers generated by means of a child voucher generating meansassociated with said right of use voucher.
 26. Method according to claim22 further comprising: (h) enabling said first parent clients to encryptsaid one or more first child vouchers with a public encryption keyassociated with said one or more first child clients beforecommunicating said one or more first child vouchers to said one or morefirst child clients; (i) enabling said one or more first child clientsto decrypt, preferably in a secure mode, said one or more first childvouchers with a private encryption key associated with said one or morefirst child clients to reveal a content key to enable access to saidfirst digital content.
 27. Method according to claim 26, wherein (h) and(i) are performed in a secure mode.
 28. Method according to claim 22,further comprising enabling said first parent client to authenticatesaid one or more first child clients by communicating a signed childvoucher refresher including a new validity period for said one or morefirst child vouchers and an identification tag of said one or more firstchild vouchers.
 29. Method according to claim 22 further comprising: (j)connecting to a second parent client by means of said content providerutilising said communication network; (k) communicating a second rightof use voucher including one or more second child vouchers by means ofsaid content provider to said second parent client; (l) enabling saidsecond parent client to access a second digital content provided by saidcontent provider by means of said second right of use voucher; (m)enabling said second parent client to forward said one or more secondchild vouchers to one or more second child clients through a thirdcommunication network; and (n) enabling said one or more second childclients to access said second digital content by means of said one ormore second child vouchers provided that the validity of said one ormore second child vouchers is authenticated by said second parentclient; and (o) enabling said one or more first child clients and saidone or more second child clients to exchange said one or more firstchild vouchers and said one or more second child vouchers.
 30. Methodaccording to claim 29, wherein said enabling exchange of said one ormore first and second child vouchers between said one or more first andsecond child clients further comprises: (i) verifying compatibilitybetween one or more first and second child vouchers; (ii) deactivatingto-be-exchanged child vouchers by setting stale flags in associatedright of use vouchers in said first and second parent client; (iii)enabling a first child client of said one or more first child clientshaving a second child voucher of said one or more second child vouchersaccess to said second digital content by means of said second childvoucher provided that said first parent client and said second parentclient are able to authenticate the validity of said second childvoucher; and (iv) enabling a second child client of said one or moresecond child clients having a first child voucher of said one or morefirst child vouchers access to said first digital content by means ofsaid first child voucher provided that said first parent client and saidsecond parent client are able to authenticate the validity of said firstchild voucher.
 31. Method according to claim 22, further comprising: (p)enabling access by a basic voucher to a low-resolution stream comprisingone or more basic data sets; (q) enabling access by a first enhancedvoucher to a first enhancement stream comprising one or more first datasets, which first data sets are based on said basic data sets. 32.Method according to claim 31, further comprising (r) enabling access bya second enhanced voucher to a second enhancement stream comprising oneor more second data sets, which second data sets are based on said firstdata sets.
 33. A content provider server for providing a right of usevoucher enabling a client family access to digital content associatedwith said right of use voucher comprising: (a) means for generating afirst identification tag for identifying a parent client of said clientfamily owning said right of use voucher; (b) means for generating asecond identification tag for identifying content provider enablingaccess for said parent client and one or more child clients of saidclient family to said digital content; (c) means for generating one ormore child vouchers comprising a content key operable to enable said oneor more child clients access to said digital content; and (d) means forgenerating an authentication key pair operable for authenticating saidone or more child vouchers and comprising a public authentication keyand a private authentication key.
 34. A communication terminal forreceiving a right of use voucher enabling access for said communicationterminal and one or more designated child terminals to a digital contentassociated with said right of use voucher according to claim 20, andcomprising: (a) means for identifying said first and secondidentification tag of said right of use voucher; (b) means fordistributing one or more child vouchers comprising a content keyoperable to enable said one or more designated child terminals access tosaid digital content; and (c) means for processing an authentication keypair operable for authenticating said one or more child vouchers andcomprising a public authentication key and a private authentication key.35. A communication terminal for receiving a child voucher enablingaccess a digital content associated with a right of use voucheraccording to claim 20, and comprising: (a) means for revealing a contentkey from said child voucher operable to enable said client access to adigital content; (b) means for accessing said digital content through acommunication network.
 36. A communication terminal according to claim35, wherein said communication terminal is adapted to access saiddigital content from a content provider, from said parent client, or anycombination thereof.
 37. A computer program comprising code adapted toperform the following steps when said program is run on a processor: (a)connecting to a first parent client by means of a content providerutilising a communication network; (b) communicating a first right ofuse voucher comprising one or more first child vouchers by means of saidcontent provider to said first parent client; (c) enabling said firstparent client to forward said one or more first child vouchers to one ormore first child clients through a second communication network; and (d)enabling said one or more first child clients to access said firstdigital content by means of said one or more first child vouchersprovided that the validity of said one or more first child vouchers isauthenticated.
 38. A computer program according to claim 37, whereinsaid processor comprising a content provider, a parent client, a childclient, or any combination thereof.